  * SECURITY UPDATE: TLS Denial of Service
    - debian/patches/CVE-2021-41079.patch: Apache Tomcat did not properly
      validate incoming TLS packets. When Tomcat was configured to use
      NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be
      used to trigger an infinite loop resulting in a denial of service.
    - CVE-2021-41079
  * SECURITY UPDATE: Authentication Vulnerability
    - debian/patches/CVE-2021-30640.patch: A vulnerability in the JNDI Realm
      of Apache Tomcat allows an attacker to authenticate using variations of
      a valid user name and/or to bypass some of the protection provided by
      the LockOut Realm.
    - CVE-2021-30640
  * SECURITY UPDATE: Request Smuggling
    - debian/patches/CVE-2021-33037.patch: Apache Tomcat did not correctly
      parse the HTTP transfer-encoding request header in some circumstances,
      leading to the possibility of request smuggling when used with a
      reverse proxy. Specifically:
      - Tomcat incorrectly ignored the transfer encoding header if the client
        declared it would only accept an HTTP/1.0 response;
      - Tomcat honoured the identity encoding; and
      - Tomcat did not ensure that, if present, the chunked encoding was the
        final encoding.
    - CVE-2021-33037
  * SECURITY UPDATE: remote code execution via session persistence
    - debian/patches/CVE-2021-25329.patch: The fix for CVE-2020-9484 was
      incomplete. When using Apache Tomcat with a configuration edge case
      that was highly unlikely to be used, the Tomcat instance was still
      vulnerable to CVE-2020-9494. Note that both the previously published
      prerequisites for CVE-2020-9484 and the previously published
      mitigations for CVE-2020-9484 also apply to this issue.
    - CVE-2021-25329
  * SECURITY UPDATE: Request Header Duplication
    - debian/patches/CVE-2021-25122.patch: When responding to new h2c
      connection requests, Apache Tomcat could duplicate request headers and
      a limited amount of request body from one request to another, meaning
      user A and user B could both see the results of user A's request.
    - CVE-2021-25122
  * SECURITY UPDATE: HTTP/2 request header mix-up
    - debian/patches/CVE-2020-17527.patch: It was discovered that Apache
      Tomcat could re-use an HTTP request header value from the previous
      stream received on an HTTP/2 connection for the request associated with
      the subsequent stream. While this would most likely lead to an error
      and the closure of the HTTP/2 connection, it is possible that
      information could leak between requests.
    - CVE-2020-17527
  * SECURITY UPDATE: HTTP/2 request mix-up
    - debian/patches/CVE-2020-13943.patch: If an HTTP/2 client exceeded the
      agreed maximum number of concurrent streams for a connection (in
      violation of the HTTP/2 protocol), it was possible that a subsequent
      request made on that connection could contain HTTP headers - including
      HTTP/2 pseudo headers - from a previous request rather than the
      intended headers. This could lead to users seeing responses for
      unexpected resources.
    - CVE-2020-13943
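As an added example (not Tomcat's own code), the three Transfer-Encoding parsing rules listed under CVE-2021-33037 modelled as a request-framing check: hardened=False reproduces the pre-fix behaviour the changelog describes, and the request-line version stands in for the client's declaration that it only accepts HTTP/1.0 responses (an assumption of this model, as is the set of known codings).

```python
from typing import Dict, List

# Transfer codings this model accepts; "identity" is deliberately absent (rule 2).
KNOWN_CODINGS = {"chunked", "gzip", "deflate"}


def parse_transfer_encoding(value: str) -> List[str]:
    """Split a Transfer-Encoding header into lowercased, trimmed codings."""
    return [t.strip().lower() for t in value.split(",") if t.strip()]


def frame_request(headers: Dict[str, str], request_version: str,
                  hardened: bool = True) -> str:
    """Return how the body is delimited: "chunked", "content-length" or "none".
    Raises ValueError when the request must be rejected, because otherwise a
    reverse proxy and the container could disagree on where the body ends
    (the smuggling condition). hardened=False models the pre-fix behaviour.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    te, cl = lower.get("transfer-encoding"), lower.get("content-length")
    by_length = "content-length" if cl is not None else "none"
    if te is None:
        return by_length
    # Rule 1 (pre-fix): Transfer-Encoding was ignored when the client declared
    # it accepted only HTTP/1.0, silently falling back to Content-Length.
    if not hardened and request_version == "HTTP/1.0":
        return by_length
    codings = parse_transfer_encoding(te)
    # Rule 2 (pre-fix): "identity" was honoured as "no transfer coding applied".
    if not hardened and codings == ["identity"]:
        return by_length
    unknown = [c for c in codings if c not in KNOWN_CODINGS]
    if unknown:
        raise ValueError(f"unsupported transfer coding(s): {unknown}")
    # Rule 3: chunked must be the final coding, or the message has no defined end.
    if "chunked" in codings:
        if hardened and codings[-1] != "chunked":
            raise ValueError("chunked must be the final transfer coding")
        return "chunked"  # any Content-Length is ignored in favour of chunked
    raise ValueError("Transfer-Encoding present but no final chunked coding")


def framing_disagrees(headers: Dict[str, str], request_version: str) -> bool:
    """True when pre-fix and fixed parsing delimit the body differently, i.e.
    a proxy using one rule set and a backend using the other could desync."""
    def outcome(hardened: bool) -> str:
        try:
            return frame_request(headers, request_version, hardened)
        except ValueError:
            return "reject"
    return outcome(True) != outcome(False)
```

framing_disagrees is the check a defender can run over captured request headers to see which of them would have been framed differently before and after the fix.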
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13943

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-17527

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-9484

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-9494

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-25122

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-25329

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-30640

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-33037

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-41079

** Patch added: "Imports security patches from Debian"
   https://bugs.launchpad.net/ubuntu/+source/tomcat9/+bug/1915911/+attachment/5569953/+files/1ubuntu0.1.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1915911

Title:
  Tomcat9 package is old version with many security issues

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat9/+bug/1915911/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs